During a clean system shutdown, the following actions take place:
All users are notified that the system will be going down, preferably giving them some reasonable advance warning.
All running processes are sent a signal telling them to terminate, allowing them time to exit gracefully, provided the program has made provisions to do so.
All subsystems are shut down gracefully, via the commands they provide for doing so.
All remaining users are logged off, and remaining processes are killed.
Filesystem integrity is maintained by completing all pending disk updates.
Depending on the type of shutdown, the system moves to single-user mode, the processor is halted, or the system is rebooted.
After taking these steps, the administrator can turn the power off, execute diagnostics, or perform other maintenance activities as appropriate.
Unix provides the
command to accomplish all of this. Generally,
shutdown sends a series of timed messages to
all users who are logged on, warning them that the system is going down;
after sending the last of these messages, it logs all users off the
system and places the system in single-user mode.
All Unix systems—even those running on PC hardware—should be shut down using the commands described in this section. This is necessary to ensure filesystem integrity and the clean termination of the various system services. If you care about what’s on your disks, never just turn the power off.
There are two main variations of the
shutdown command. The System V version is used by Solaris and
HP-UX (the latter slightly modified from the standard), and the BSD
version is used under AIX, FreeBSD, Linux, Solaris (in /usr/ucb), and Tru64.
On systems that provide it, the
telinit command also provides a fast way to
shut down (
telinit S), halt
telinit 0) or reboot the system
-y says to answer all
shutdown prompts with yes automatically, grace specifies the number of seconds to
wait before starting the process (the default is 60), new-level is the new run level in which to
place the system (the default is single-user mode) and message is a text message sent to all
users. This is the form used on Solaris systems.
Under HP-UX, the
command has the following modified form:
-y again says to answer
prompts automatically with yes, and grace is the number of seconds to wait
before shutting down. The keyword
now may be substituted for grace. The
shutdown command takes the system to
Here are some example commands that take the system to single-user mode in 15 seconds (automatically answering all prompts):
shutdown -y -g 15 -i s "system going down"Solaris #
shutdown -y 15HP-UX
The HP-UX shutdown also accepts two other options,
-h, which can be used to reboot the system
immediately or to halt the processor once the shutdown is complete
For example, these commands could be used to reboot the system immediately:
shutdown -y -g 0 -i 6 "system reboot"Solaris #
shutdown -y -r nowHP-UX
HP-UX also provides the file /etc/shutdown.allow . If this file exists, a user must be listed in it in
order to use the
(and root must be included). If
the file does not exist, only root can run
shutdown. Entries in the file consist of a
hostname followed by a username, as in these examples:
hamlet chavez Chavez can shut down hamlet. + root Root can shut down any system. dalton + Anyone can shut down dalton.
As these examples illustrate, the plus sign serves as a wildcard. The shutdown.allow file also supports the percent sign as an additional wildcard character denoting all systems within a cluster; this wildcard is not valid on systems that are not part of a cluster.
shutdown [options] time message
where time can have three forms:
mShut down in m minutes.
mShut down at the specified time (24-hour clock). now Begin the shutdown at once.
now should be used with
discretion on multiuser systems.
message is the announcement
shutdown sends to all users;
it may be any text string. For example, the following command will
shut the system down in one hour:
shutdown +60 "System going down for regular maintenance"
It warns users by printing the message “System going down for
regular maintenance” on their screens.
shutdown sends the first message
immediately; as the shutdown time approaches, it repeats the warning
with increasing frequency. These messages are also sent to users on
the other systems on the local network who may be using the system’s
files via NFS.
By default, the BSD-style
shutdown command also takes the system to
single-user mode, except on AIX systems, where the processor is halted
by default. Under AIX, the
option must be used to specify shutting down to single-user
Other options provide additional variations to the system shutdown process:
shutdown -hsays to halt the processor instead of shutting down to single-user mode. Once this process completes, the power may be safely turned off. You can also use the
haltcommand to explicitly halt the processor once single-user mode is reached.
shutdown -kinaugurates a fake system shutdown: the shutdown messages are sent out normally, but no shutdown actually occurs. I suppose the theory is that you can scare users off the system this way, but some users can be pretty persistent, preferring to be killed by
shutdownrather than log out.
The version of
found on mostLinux systems also has a
-t option which may be used to specify the
delay period between when the kernel sends the TERM signal to all
remaining processes on the system and when it sends the
KILL signal. The default is 30 seconds. The following command shuts
down the system more rapidly, allowing only 5 seconds between the two
shutdown -h -t 5 now
The command version also provides a
-a option, which provides a limited security
mechanism for the
When it is invoked with this option, the command determines whether
any of the users listed in the file /etc/shutdown.allow are currently logged in on the console (or any virtual
console attached to it). If not, the
shutdown command fails.
The purpose of this option is to prevent casual passers-by from typing Ctrl-Alt-Delete on the console and causing an (unwanted) system reboot. Accordingly, it is most often used in the inittab entry corresponding to this event.
As we’ve noted previously, one of the important parts of the
shutdown process is syncing the disks. The
sync command finishes all disk transactions
and writes out all data to disk, guaranteeing that the system can be
turned off without corrupting the files. You can execute this command
manually if necessary:
sync executed two or
three times (or even more)? I think this is a bit of Unix superstition. The
sync command schedules but does not
necessarily immediately perform the required disk writes, even though
the Unix prompt returns immediately. Multiple
sync commands raise the probability that the
write will take place before you enter another command (or turn off
the power) by taking up the time needed to complete the operation.
However, the same effect can be obtained by waiting a few seconds for
disk activity to cease before doing anything else. Typing “sync”
several times gives you something to do while you’re waiting.
There is one situation in which you do not want
sync to be executed, either manually or
automatically: when you have run
fsck manually on the root filesystem. If you
sync the disks at this point, you will rewrite the bad superblocks
stored in the kernel buffers and undo the fixing
fsck just did. In such cases, on BSD-based
systems and under HP-UX, you must use the
-n option to
shutdown to suppress the usual automatic
FreeBSD and System V are smarter about this issue. The
fsck command generally will automatically
remount the root filesystem when it has modified the root filesystem.
Thus, no special actions are required to avoid syncing the
ps -ax | grep shutdownBSD-style #
ps -ef | grep shutdownSystem V-style
Then use the
kill command to
ps -ef | grep shutdown25723 co S 0:01 /etc/shutdown -g300 -i6 -y 25800 co S 0:00 grep shutdown #
kill -9 25723
It’s only safe to kill a
shutdown command during its grace period;
once it has actually started closing down the system, you’re better
off letting it finish and then rebooting.
The Linux version of
-c option that cancels a
pending system shutdown. Every version should be so helpful.
 Solaris administrators swear that you need to do it five times to be safe; otherwise, the password file will become corrupted. I have not been able to reproduce this.